Jump to content

L2jOrion - Sourcecode.


Recommended Posts

  • 7 months later...
  • 3 months later...
On 2/26/2023 at 9:07 AM, sqhizein said:

Which Revision is this cracked source ? 

Changeset #28 | Revision #899

Changeset #27 | Revision #869

Changeset #24 | Revision #663

 

i couldn't find any info for that 

The last free version available is L2JOrion r21, even then without the phantom settings and others.

Link to comment
Share on other sites

  • 1 year later...

Well, sorry not sorry for resurrecting old topic, but I believe it's ultimately stupid to implement license checks like Vilmis did 🙂


 

	private static String url = "jdbc:mysql://185.80.128.233/" + getData("Zm9ydW1fZGI=");
	private static String username = getData("bXJjb3B5cmlnaHQ=");
	private static String password = getData("Y29weXJpZ2h0XzEyMw==");

	con = GlobalDB.getInstance().getConnection();

	PreparedStatement statement;
	statement = con.prepareStatement("SELECT field_6 from core_pfields_content WHERE member_id = ?");
	statement.setInt(1, Config.FORUM_USER_ID);
	ResultSet rset = statement.executeQuery();

 

This awesome way of coding things leaves us with base64-encoded credentials and DB exposed and accessible globally 😉 Btw he checks his licensing data from some plugin generated table his forum uses.
Vilmis took action and ensured that mrcopyright user would have only needed accesses and rights for this operation. But he forgot to ensure that his INFORMATION_SCHEMA database would not be exposed and readable...
That leads us to fully readable server variables like version used (10.1.26-MariaDB-0+deb9u1 - pretty ancient DB and OS, I'd assume). From here you can go south and do some kinky stuff, if you want and have knowledge for that. But who cares, right?
image.thumb.png.a03e3ddf781377e90e8079c6e8d7a6f5.png

 

Ooh, table core_pfields_content field_6 is IP address which is checked by FORUM_USER_ID. Yep, you can query all IP addresses there (124 of them right now) and also do whatever you want with them! 🙂 

image.thumb.png.aaa5da31f7b5912efc09a7e28e43f82c.png

The most fun part? Files source has been shared what, more than 2 years ago? 
Vilmis still uses very same credentials and never changed it after sources exposure - who cares. Although, "sources" may be way too strong word here.

If anyone still use paid Orion versions, I'd suggest packing your shit and leaving immediately, or at least fix this incompetent fool caused problems. It's obvious Vilmis don't care or maybe doesn't even know from the first place how to solve this problem (hint hint - tiny PHP Rest API microservice which would do absolutely the same but without exposing sensitive data?). By doing that, he exposes his infrastructure and YOUR data, and he does that for more than 2 years now 🙂 Developer of century!

 

 

Edited by L2LIVEpro
  • Haha 1
Link to comment
Share on other sites

he had a friend of mine as customer, he was asking money to fix his mistakes in core, eachtime and he was mad that his client was requesting assistance, and didnt even respond, if he is still around shame.

Link to comment
Share on other sites

6 hours ago, L2LIVEpro said:

Well, sorry not sorry for resurrecting old topic, but I believe it's ultimately stupid to implement license checks like Vilmis did 🙂


 

	private static String url = "jdbc:mysql://185.80.128.233/" + getData("Zm9ydW1fZGI=");
	private static String username = getData("bXJjb3B5cmlnaHQ=");
	private static String password = getData("Y29weXJpZ2h0XzEyMw==");

	con = GlobalDB.getInstance().getConnection();

	PreparedStatement statement;
	statement = con.prepareStatement("SELECT field_6 from core_pfields_content WHERE member_id = ?");
	statement.setInt(1, Config.FORUM_USER_ID);
	ResultSet rset = statement.executeQuery();

 

This awesome way of coding things leaves us with base64-encoded credentials and DB exposed and accessible globally 😉 Btw he checks his licensing data from some plugin generated table his forum uses.
Vilmis took action and ensured that mrcopyright user would have only needed accesses and rights for this operation. But he forgot to ensure that his INFORMATION_SCHEMA database would not be exposed and readable...
That leads us to fully readable server variables like version used (10.1.26-MariaDB-0+deb9u1 - pretty ancient DB and OS, I'd assume). From here you can go south and do some kinky stuff, if you want and have knowledge for that. But who cares, right?
image.thumb.png.a03e3ddf781377e90e8079c6e8d7a6f5.png

 

Ooh, table core_pfields_content field_6 is IP address which is checked by FORUM_USER_ID. Yep, you can query all IP addresses there (124 of them right now) and also do whatever you want with them! 🙂 

image.thumb.png.aaa5da31f7b5912efc09a7e28e43f82c.png

The most fun part? Files source has been shared what, more than 2 years ago? 
Vilmis still uses very same credentials and never changed it after sources exposure - who cares. Although, "sources" may be way too strong word here.

If anyone still use paid Orion versions, I'd suggest packing your shit and leaving immediately, or at least fix this incompetent fool caused problems. It's obvious Vilmis don't care or maybe doesn't even know from the first place how to solve this problem (hint hint - tiny PHP Rest API microservice which would do absolutely the same but without exposing sensitive data?). By doing that, he exposes his infrastructure and YOUR data, and he does that for more than 2 years now 🙂 Developer of century!

 

 

Protection from schoolchildren. And also terrible code, the project is built to wear out the database with queries.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.




  • Posts

    • I have a Polish friend who gave me a solution for this issue, all credit goes to @SSnakEE. The ingenuity is as follows. Total thanks to him. Playable.java insert to public boolean canKeepAttacking(Creature target) { //if target is flagged keep attacking if (targetPlayer.getPvpFlag() > 0) return true;  
    • adapt for 409 version wtih old config/sql/html's only the core update!   package net.sf.l2j.gameserver.model.actor.instance; import java.util.ArrayList; import java.util.List; import java.util.Map; import java.util.StringTokenizer; import net.sf.l2j.commons.lang.StringUtil; import net.sf.l2j.commons.math.MathUtil; import net.sf.l2j.Config; import net.sf.l2j.gameserver.data.SkillTable; import net.sf.l2j.gameserver.data.manager.BufferManager; import net.sf.l2j.gameserver.model.actor.Creature; import net.sf.l2j.gameserver.model.actor.Player; import net.sf.l2j.gameserver.model.actor.Summon; import net.sf.l2j.gameserver.model.actor.template.NpcTemplate; import net.sf.l2j.gameserver.network.serverpackets.ItemList; import net.sf.l2j.gameserver.network.serverpackets.MagicSkillUse; import net.sf.l2j.gameserver.network.serverpackets.NpcHtmlMessage; import net.sf.l2j.gameserver.skills.L2Skill; public class SchemmerBuffer extends Folk { private static final int PAGE_LIMIT = 6; public SchemmerBuffer(int objectId, NpcTemplate template) { super(objectId, template); } private void showMainWindow(Player activeChar) { final NpcHtmlMessage html = new NpcHtmlMessage(0); html.setFile(getHtmlPath(getNpcId(), 0)); html.replace("%objectId%", String.valueOf(getObjectId())); html.replace("%name%", activeChar.getName()); html.replace("%buffcount%", "You have " + activeChar.getBuffCount() + "/" + activeChar.getMaxBuffCount() + " buffs."); activeChar.sendPacket(html); } @Override public void onBypassFeedback(Player player, String command) { if (player.getPvpFlag() > 0 && Config.PRESTRICT_USE_BUFFER_ON_PVPFLAG) { player.sendMessage("You can't use buffer when you are pvp flagged."); return; } if (player.isInCombat() && Config.PRESTRICT_USE_BUFFER_IN_COMBAT) { player.sendMessage("You can't use buffer when you are in combat."); return; } if (player.isDead()) return; StringTokenizer st = new StringTokenizer(command, " "); String actualCommand = st.nextToken(); if (actualCommand.startsWith("bufflist")) { autoBuffFunction(player, st.nextToken()); } else if (actualCommand.startsWith("restore")) { String noble = st.nextToken(); player.getStatus().setMaxCpHpMp(); if (noble.equals("true")) { SkillTable.getInstance().getInfo(1323, 1).getEffects(player, player); player.broadcastPacket(new MagicSkillUse(this, player, 1323, 1, 850, 0)); } final Summon summon = player.getSummon(); if (summon != null) summon.getStatus().setMaxHpMp(); showMainWindow(player); } else if (actualCommand.startsWith("cancellation")) { L2Skill buff; buff = SkillTable.getInstance().getInfo(1056, 1); buff.getEffects(this, player); player.stopAllEffectsExceptThoseThatLastThroughDeath(); player.broadcastPacket(new MagicSkillUse(this, player, 1056, 1, 850, 0)); player.stopAllEffects(); final Summon summon = player.getSummon(); if (summon != null) summon.stopAllEffects(); showMainWindow(player); } else if (actualCommand.startsWith("openlist")) { String category = st.nextToken(); String htmfile = st.nextToken(); NpcHtmlMessage html = new NpcHtmlMessage(getObjectId()); if (category.startsWith("null")) { html.setFile("data/html/mods/buffer/" + htmfile + ".htm"); // First Page if (htmfile.equals("index")) { html.replace("%name%", player.getName()); html.replace("%buffcount%", "You have " + player.getBuffCount() + "/" + player.getMaxBuffCount() + " buffs."); } } else html.setFile("data/html/mods/buffer/" + category + "/" + htmfile + ".htm"); html.replace("%objectId%", String.valueOf(getObjectId())); player.sendPacket(html); } else if (actualCommand.startsWith("dobuff")) { int buffid = Integer.valueOf(st.nextToken()); int bufflevel = Integer.valueOf(st.nextToken()); String category = st.nextToken(); String windowhtml = st.nextToken(); String votebuff = null; if (st.hasMoreTokens()) votebuff = st.nextToken(); if (windowhtml.equals("malaria")) { if (player.getInventory().getItemCount(Config.PVOTE_BUFF_ITEM_ID, 0) >= 1) { player.getInventory().destroyItemByItemId("VoteCoins", Config.PVOTE_BUFF_ITEM_ID, 1, player, null); player.sendPacket(new ItemList(player, true)); player.sendMessage(1 + " Vote eye destroyed."); } else { player.sendMessage("You dont have enough (" + 1 + ") vote item for buff."); return; } } if (votebuff != null) { if (player.getInventory().getItemCount(Config.PVOTE_BUFF_ITEM_ID, 0) >= Config.PVOTE_BUFF_ITEM_COUNT) { player.getInventory().destroyItemByItemId("VoteCoins", Config.PVOTE_BUFF_ITEM_ID, Config.PVOTE_BUFF_ITEM_COUNT, player, null); player.sendPacket(new ItemList(player, true)); player.sendMessage(Config.PVOTE_BUFF_ITEM_COUNT + " vote stone destroyed."); } else { player.sendMessage("You dont have enough (" + Config.PVOTE_BUFF_ITEM_COUNT + ") vote item for buff."); return; } } Creature target = player; if (category.startsWith("pet")) { if (player.getSummon() == null) { player.sendMessage("Incorrect Pet"); showMainWindow(player); return; } target = player.getSummon(); } MagicSkillUse mgc = new MagicSkillUse(this, target, buffid, bufflevel, 1150, 0); player.sendPacket(mgc); player.broadcastPacket(mgc); SkillTable.getInstance().getInfo(buffid, bufflevel).getEffects(this, target); NpcHtmlMessage html = new NpcHtmlMessage(getObjectId()); html.setFile("data/html/mods/buffer/" + category + "/" + windowhtml + ".htm"); html.replace("%objectId%", String.valueOf(getObjectId())); html.replace("%name%", player.getName()); player.sendPacket(html); } else if (actualCommand.startsWith("getbuff")) { int buffid = Integer.valueOf(st.nextToken()); int bufflevel = Integer.valueOf(st.nextToken()); if (buffid != 0) { SkillTable.getInstance().getInfo(buffid, bufflevel).getEffects(this, player); broadcastPacket(new MagicSkillUse(this, player, buffid, bufflevel, 450, 0)); showMainWindow(player); } } else if (actualCommand.startsWith("support")) { showGiveBuffsWindow(player); } else if (actualCommand.startsWith("givebuffs")) { final String schemeName = st.nextToken(); final int cost = Integer.parseInt(st.nextToken()); Creature target = null; if (st.hasMoreTokens()) { final String targetType = st.nextToken(); if (targetType != null && targetType.equalsIgnoreCase("pet")) target = player.getSummon(); } else target = player; if (target == null) player.sendMessage("You don't have a pet."); else if (cost == 0 || player.reduceAdena("NPC Buffer", cost, this, true)) BufferManager.getInstance().applySchemeEffects(this, target, player.getObjectId(), schemeName); } else if (actualCommand.startsWith("editschemes")) { showEditSchemeWindow(player, st.nextToken(), st.nextToken(), Integer.parseInt(st.nextToken())); } else if (actualCommand.startsWith("skill")) { final String groupType = st.nextToken(); final String schemeName = st.nextToken(); final int skillId = Integer.parseInt(st.nextToken()); final int page = Integer.parseInt(st.nextToken()); final List<Integer> skills = BufferManager.getInstance().getScheme(player.getObjectId(), schemeName); if (actualCommand.startsWith("skillselect") && !schemeName.equalsIgnoreCase("none")) { if (skills.size() < player.getMaxBuffCount()) skills.add(skillId); else player.sendMessage("This scheme has reached the maximum amount of buffs."); } else if (actualCommand.startsWith("skillunselect")) skills.remove(Integer.valueOf(skillId)); showEditSchemeWindow(player, groupType, schemeName, page); } else if (actualCommand.startsWith("createscheme")) { try { final String schemeName = st.nextToken(); if (schemeName.length() > 14) { player.sendMessage("Scheme's name must contain up to 14 chars. Spaces are trimmed."); return; } final Map<String, ArrayList<Integer>> schemes = BufferManager.getInstance().getPlayerSchemes(player.getObjectId()); if (schemes != null) { if (schemes.size() == Config.PBUFFER_MAX_SCHEMES) { player.sendMessage("Maximum schemes amount is already reached."); return; } if (schemes.containsKey(schemeName)) { player.sendMessage("The scheme name already exists."); return; } } BufferManager.getInstance().setScheme(player.getObjectId(), schemeName.trim(), new ArrayList<>()); showGiveBuffsWindow(player); } catch (Exception e) { player.sendMessage("Scheme's name must contain up to 14 chars. Spaces are trimmed."); } } else if (actualCommand.startsWith("deletescheme")) { try { final String schemeName = st.nextToken(); final Map<String, ArrayList<Integer>> schemes = BufferManager.getInstance().getPlayerSchemes(player.getObjectId()); if (schemes != null && schemes.containsKey(schemeName)) schemes.remove(schemeName); } catch (Exception e) { player.sendMessage("This scheme name is invalid."); } showGiveBuffsWindow(player); } super.onBypassFeedback(player, command); } @Override public String getHtmlPath(int npcId, int val) { String filename = ""; if (val == 0) filename = "" + npcId; else filename = npcId + "-" + val; return "data/html/mods/buffer/" + filename + ".htm"; } /** * Send an html packet to the {@link Player} set a parameter with Give Buffs menu info for player and pet, depending on targetType parameter {player, pet}. * @param player : The {@link Player} to make checks on. */ private void showGiveBuffsWindow(Player player) { final StringBuilder sb = new StringBuilder(200); final Map<String, ArrayList<Integer>> schemes = BufferManager.getInstance().getPlayerSchemes(player.getObjectId()); if (schemes == null || schemes.isEmpty()) sb.append("<font color=\"LEVEL\">You haven't defined any scheme.</font>"); else { for (Map.Entry<String, ArrayList<Integer>> scheme : schemes.entrySet()) { final int cost = getFee(scheme.getValue()); StringUtil.append(sb, "<font color=\"LEVEL\">", scheme.getKey(), " [", scheme.getValue().size(), " / ", player.getMaxBuffCount(), "]", ((cost > 0) ? " - cost: " + StringUtil.formatNumber(cost) : ""), "</font><br1>"); StringUtil.append(sb, "<a action=\"bypass npc_%objectId%_givebuffs ", scheme.getKey(), " ", cost, "\">Use on Me</a>&nbsp;|&nbsp;"); StringUtil.append(sb, "<a action=\"bypass npc_%objectId%_givebuffs ", scheme.getKey(), " ", cost, " pet\">Use on Pet</a>&nbsp;|&nbsp;"); StringUtil.append(sb, "<a action=\"bypass npc_%objectId%_editschemes Buffs ", scheme.getKey(), " 1\">Edit</a>&nbsp;|&nbsp;"); StringUtil.append(sb, "<a action=\"bypass npc_%objectId%_deletescheme ", scheme.getKey(), "\">Delete</a><br>"); } } final NpcHtmlMessage html = new NpcHtmlMessage(0); html.setFile(getHtmlPath(getNpcId(), 1)); html.replace("%schemes%", sb.toString()); html.replace("%max_schemes%", Config.PBUFFER_MAX_SCHEMES); html.replace("%objectId%", getObjectId()); player.sendPacket(html); } /** * Send an html packet to the {@link Player} set as parameter with Edit Scheme Menu info. This allows the {@link Player} to edit each created scheme (add/delete skills) * @param player : The {@link Player} to make checks on. * @param groupType : The group of skills to select. * @param schemeName : The scheme to make check. * @param page : The current checked page. */ private void showEditSchemeWindow(Player player, String groupType, String schemeName, int page) { final NpcHtmlMessage html = new NpcHtmlMessage(0); final List<Integer> schemeSkills = BufferManager.getInstance().getScheme(player.getObjectId(), schemeName); html.setFile(getHtmlPath(getNpcId(), 2)); html.replace("%schemename%", schemeName); html.replace("%count%", schemeSkills.size() + " / " + player.getMaxBuffCount()); html.replace("%typesframe%", getTypesFrame(groupType, schemeName)); html.replace("%skilllistframe%", getGroupSkillList(player, groupType, schemeName, page)); html.replace("%objectId%", getObjectId()); player.sendPacket(html); } /** * @param player : The {@link Player} to make checks on. * @param groupType : The group of skills to select. * @param schemeName : The scheme to make check. * @param page : The current checked page. * @return A {@link String} representing skills available for selection for a given groupType. */ private String getGroupSkillList(Player player, String groupType, String schemeName, int page) { // Retrieve the entire skills list based on group type. List<Integer> skills = BufferManager.getInstance().getSkillsIdsByType(groupType); if (skills.isEmpty()) return "That group doesn't contain any skills."; // Calculate page number. final int max = MathUtil.countPagesNumber(skills.size(), PAGE_LIMIT); if (page > max) page = max; // Cut skills list up to page number. skills = skills.subList((page - 1) * PAGE_LIMIT, Math.min(page * PAGE_LIMIT, skills.size())); final List<Integer> schemeSkills = BufferManager.getInstance().getScheme(player.getObjectId(), schemeName); final StringBuilder sb = new StringBuilder(skills.size() * 150); int row = 0; for (int skillId : skills) { final String icon = (skillId < 100) ? "icon.skill00" + skillId : (skillId < 1000) ? "icon.skill0" + skillId : "icon.skill" + skillId; sb.append(((row % 2) == 0 ? "<table width=\"280\" bgcolor=\"000000\"><tr>" : "<table width=\"280\"><tr>")); if (schemeSkills.contains(skillId)) StringUtil.append(sb, "<td height=40 width=40><img src=\"", icon, "\" width=32 height=32></td><td width=190>", SkillTable.getInstance().getInfo(skillId, 1).getName(), "<br1><font color=\"B09878\">", BufferManager.getInstance().getAvailableBuff(skillId).getDescription(), "</font></td><td><button action=\"bypass npc_%objectId%_skillunselect ", groupType, " ", schemeName, " ", skillId, " ", page, "\" width=32 height=32 back=\"L2UI_CH3.mapbutton_zoomout2\" fore=\"L2UI_CH3.mapbutton_zoomout1\"></td>"); else StringUtil.append(sb, "<td height=40 width=40><img src=\"", icon, "\" width=32 height=32></td><td width=190>", SkillTable.getInstance().getInfo(skillId, 1).getName(), "<br1><font color=\"B09878\">", BufferManager.getInstance().getAvailableBuff(skillId).getDescription(), "</font></td><td><button action=\"bypass npc_%objectId%_skillselect ", groupType, " ", schemeName, " ", skillId, " ", page, "\" width=32 height=32 back=\"L2UI_CH3.mapbutton_zoomin2\" fore=\"L2UI_CH3.mapbutton_zoomin1\"></td>"); sb.append("</tr></table><img src=\"L2UI.SquareGray\" width=277 height=1>"); row++; } for (int i = PAGE_LIMIT; i > row; i--) StringUtil.append(sb, "<img height=41>"); // Build page footer. sb.append("<br><img src=\"L2UI.SquareGray\" width=277 height=1><table width=\"100%\" bgcolor=000000><tr>"); if (page > 1) StringUtil.append(sb, "<td align=left width=70><a action=\"bypass npc_" + getObjectId() + "_editschemes ", groupType, " ", schemeName, " ", page - 1, "\">Previous</a></td>"); else StringUtil.append(sb, "<td align=left width=70>Previous</td>"); StringUtil.append(sb, "<td align=center width=100>Page ", page, "</td>"); if (page < max) StringUtil.append(sb, "<td align=right width=70><a action=\"bypass npc_" + getObjectId() + "_editschemes ", groupType, " ", schemeName, " ", page + 1, "\">Next</a></td>"); else StringUtil.append(sb, "<td align=right width=70>Next</td>"); sb.append("</tr></table><img src=\"L2UI.SquareGray\" width=277 height=1>"); return sb.toString(); } /** * @param groupType : The group of skills to select. * @param schemeName : The scheme to make check. * @return A {@link String} representing all groupTypes available. The group currently on selection isn't linkable. */ private static String getTypesFrame(String groupType, String schemeName) { final StringBuilder sb = new StringBuilder(500); sb.append("<table>"); int count = 0; for (String type : BufferManager.getInstance().getSkillTypes()) { if (count == 0) sb.append("<tr>"); if (groupType.equalsIgnoreCase(type)) StringUtil.append(sb, "<td width=65>", type, "</td>"); else StringUtil.append(sb, "<td width=65><a action=\"bypass npc_%objectId%_editschemes ", type, " ", schemeName, " 1\">", type, "</a></td>"); count++; if (count == 4) { sb.append("</tr>"); count = 0; } } if (!sb.toString().endsWith("</tr>")) sb.append("</tr>"); sb.append("</table>"); return sb.toString(); } /** * @param list : A {@link List} of skill ids. * @return a global fee for all skills contained in the {@link List}. */ private static int getFee(ArrayList<Integer> list) { if (Config.PBUFFER_STATIC_BUFF_COST > 0) return list.size() * Config.PBUFFER_STATIC_BUFF_COST; int fee = 0; for (int sk : list) fee += BufferManager.getInstance().getAvailableBuff(sk).getPrice(); return fee; } private void autoBuffFunction(Player player, String bufflist) { ArrayList<L2Skill> skills_to_buff = new ArrayList<>(); List<Integer> list = null; if (bufflist.equalsIgnoreCase("fighter")) list = Config.PFIGHTER_SKILL_LIST; else if (bufflist.equalsIgnoreCase("mage")) list = Config.PMAGE_SKILL_LIST; if (list != null) { for (int skillId : list) { L2Skill skill = SkillTable.getInstance().getInfo(skillId, SkillTable.getInstance().getMaxLevel(skillId)); if (skill != null) skills_to_buff.add(skill); } for (L2Skill sk : skills_to_buff) sk.getEffects(player, player); player.updateEffectIcons(); list = null; } skills_to_buff.clear(); showMainWindow(player); } }  
    • L2 OPIUM - AUTO FARM HTML    
    • json_extract does not exist. -> wrong mysql server version.
  • Topics

×
×
  • Create New...